Dynamic Analysis Security Testing (DAST) looks at an application’s behavior while it runs. Several practices fall under DAST. Vulnerability assessment identifies the threats to the organization’s assets, then recommends and prioritizes remediation strategies.
PenTesting
The most aggressive form of DAST is penetration testing, or pentesting. There are two approaches to pentesting:
- In black-box, or external, testing, the auditor accesses the network from a remote location and is not aware of any internals beforehand. Essentially, the auditor is in the same position as an attacker.
- In white-box, or internal, testing, the auditor gets access to information about the system’s internals.
Pentesting goes beyond vulnerability assessment and moves into exploitation, privilege escalation and maintaining access.